Product Management has reviewed and declined this request. You may appeal this decision by reopening this request.
Attempting to reproduce this on OSP10 has failed.: root@harold ~]# ssh stack@undercloud-0 [stack@undercloud-0 ~]$ source stackrc (undercloud) [stack@undercloud-0 ~]$ openstack server list +--------------------------------------+--------------+--------+------------------------+----------------+------------+ | ID | Name | Status | Networks | Image | Flavor | +--------------------------------------+--------------+--------+------------------------+----------------+------------+ | ec445e94-b683-46ac-84ac-ccb32c81aaab | controller-0 | ACTIVE | ctlplane=192.168.24.6 | overcloud-full | controller | | 02b6afd3-2e64-41ba-837e-a0972c9e13ef | compute-0 | ACTIVE | ctlplane=192.168.24.11 | overcloud-full | compute | +--------------------------------------+--------------+--------+------------------------+----------------+------------+ (undercloud) [stack@undercloud-0 ~]$ ssh heat-admin.24.6 [heat-admin@controller-0 ~]$ oslopolicy-policy-generator --namespace keystone "identity:delete_project": "rule:admin_required" "identity:list_revoke_events": "rule:service_or_admin" "identity:revoke_system_grant_for_group": "rule:admin_required" <snip> "identity:list_system_grants_for_user": "rule:admin_required" "identity:list_registered_limits": "" "identity:delete_region": "rule:admin_required" This worked for cinder and nova as well. I believe we can close this.
Per comment#2, I don't think the bug is reproducible. Closing as WORKSFORME. Pleease re-open if you encounter the issue again.